package com.ant.user.utils;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class SignatureUtils {

    public static PrivateKey loadPrivateKey(String privateKeyPath) throws InvalidKeySpecException , IOException , NoSuchAlgorithmException
    {
        Path path = Paths.get(privateKeyPath);
        if (!Files.exists(path)) {
            throw new FileNotFoundException("Private key not found: " + privateKeyPath);
        }

        String pemContent = new String(Files.readAllBytes(path))
                .replaceAll("\n", "")
                .replace("----- BEGIN PUBLIC KEY -----", "")
                .replace("----- BEGIN PRIVATE KEY -----", "")
                .replace("----- END PUBLIC KEY -----", "")
                .replace("----- END PRIVATE KEY -----", "");

        byte[] encodedKey = Base64.getDecoder().decode(pemContent);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePrivate(keySpec);
    }

    public static PublicKey loadPublicKey(String publicKeyPath)throws IOException, NoSuchAlgorithmException, InvalidKeySpecException
    {
        Path path = Paths.get(publicKeyPath);
        if (!Files.exists(path)) {
            throw new FileNotFoundException("Private key not found: " + publicKeyPath);
        }

        String pemContent = new String(Files.readAllBytes(path))
                .replaceAll("\n", "")
                .replace("----- BEGIN PUBLIC KEY -----", "")
                .replace("----- BEGIN PRIVATE KEY -----", "")
                .replace("----- END PUBLIC KEY -----", "")
                .replace("----- END PRIVATE KEY -----", "");

        byte[] encodedKey = Base64.getDecoder().decode(pemContent);
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(encodedKey);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePublic(x509EncodedKeySpec);
    }

    public static String GenerateSignature(String data, PrivateKey privateKey)throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
    {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(signature.sign());
    }

    public static boolean VerifySignature(String data, PublicKey publicKey, String signatureData) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
    {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        signature.update(data.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getUrlDecoder().decode(signatureData.getBytes(StandardCharsets.UTF_8)));
    }


}
